bimbo wrote:
> James W. McKeand wrote:
>> Aaron with Morad wrote:
>>
>>> Never mind, found in the documentation that IPsec through m0n0
>>> doesn't work.
>>>
>>> http://doc.m0n0.ch/handbook/ipsec.html
>>
>> It is not so much an "IPSec through m0n0" as it is an
>> "IPSec through NAT" issue. It does not matter if it is a m0n0wall,
>> Linksys box, or anything else doing the NAT - IPSec does not handle
>> NAT well (unless NAT-T is involved - i.e. NAT Traversal).
>
> Mmmm...
> If I set up two monowall boxes (one at home, one at office), can't I
> use an IPsec VPN?
>
>
> samba-----switch-------monowall------router-----internet------router------monowall-----samba
>
> Is it not possible ?
>
> Samba is a machine on the LAN connected to a switch.
> monowall is connected to the same switch as samba through the LAN
> interface.

A point to point IPSec VPN is slightly different than a remote access
IPSec VPN - sometimes called a mobile user VPN. M0n0wall to m0n0wall
IPSec will work - as will m0n0wall to Cisco or m0n0wall to Smoothwall,
etc. The m0n0walls will handle the connection.

Using an IPSec VPN software client (SafeNet SoftRemote for example)
***WILL*** have problems connecting to a m0n0wall IPSec VPN from behind
a NAT.
(per http://doc.m0n0.ch/handbook/ipsec.html#id2598274)

I have had success with using Netgear's VPN client (branded SafeNet
SoftRemoteLT) to access SonicWalls and Netgear VPN routers from behind
my m0n0wall. Those SonicWalls and Netgears handle NAT-T appropriately -
apparently m0n0walls don't handle NAT-T appropriately.

_________________________________
James W. McKeand